Candidate: CVE-2017-5630
PublicDate: 2017-02-01 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5630
Description:
 PECL in the download utility class in the Installer in PEAR Base System
 v1.10.1 does not validate file types and filenames after a redirect, which
 allows remote HTTP servers to overwrite files via crafted responses, as
 demonstrated by a .htaccess overwrite.
Ubuntu-Description:
Notes:
 sbeattie> PEAR issues should go against php-pear as of xenial
 seth-arnold> PEAR/PECL appears to have no authenticity checks of any sort.
  As far as I can tell any malicious MITM can install whatever they want
  anyway.
 leosilva> unfixed as of 2020-11-23
 rodrigo-zaiden> unfixed as of 2022-03-08.
Bugs:
 http://pear.php.net/bugs/bug.php?id=21171
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_php5:
upstream_php5: needed
precise_php5: ignored (reached end-of-life)
precise/esm_php5: ignored (end of ESM support, was deferred)
trusty_php5: ignored (reached end-of-life)
trusty/esm_php5: deferred (2022-03-08)
vivid/ubuntu-core_php5: DNE
vivid/stable-phone-overlay_php5: DNE
xenial_php5: DNE
yakkety_php5: DNE
zesty_php5: DNE
artful_php5: DNE
bionic_php5: DNE
cosmic_php5: DNE
disco_php5: DNE
eoan_php5: DNE
focal_php5: DNE
groovy_php5: DNE
hirsute_php5: DNE
impish_php5: DNE
jammy_php5: DNE
devel_php5: DNE

Patches_php7.0:
upstream_php7.0: not-affected
precise_php7.0: DNE
precise/esm_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
vivid/ubuntu-core_php7.0: DNE
vivid/stable-phone-overlay_php7.0: DNE
xenial_php7.0: not-affected
esm-infra/xenial_php7.0: not-affected
yakkety_php7.0: not-affected
zesty_php7.0: not-affected
artful_php7.0: DNE
bionic_php7.0: DNE
cosmic_php7.0: DNE
disco_php7.0: DNE
eoan_php7.0: DNE
focal_php7.0: DNE
groovy_php7.0: DNE
hirsute_php7.0: DNE
impish_php7.0: DNE
jammy_php7.0: DNE
devel_php7.0: DNE

Patches_php7.1:
upstream_php7.1: not-affected
precise_php7.1: DNE
precise/esm_php7.1: DNE
trusty_php7.1: DNE
trusty/esm_php7.1: DNE
vivid/ubuntu-core_php7.1: DNE
vivid/stable-phone-overlay_php7.1: DNE
xenial_php7.1: DNE
yakkety_php7.1: DNE
zesty_php7.1: DNE
artful_php7.1: not-affected
bionic_php7.1: DNE
cosmic_php7.1: DNE
disco_php7.1: DNE
eoan_php7.1: DNE
focal_php7.1: DNE
groovy_php7.1: DNE
hirsute_php7.1: DNE
impish_php7.1: DNE
jammy_php7.1: DNE
devel_php7.1: DNE

Patches_php-pear:
upstream_php-pear: needed
precise_php-pear: DNE
precise/esm_php-pear: DNE
trusty_php-pear: DNE
trusty/esm_php-pear: DNE
vivid/stable-phone-overlay_php-pear: DNE
vivid/ubuntu-core_php-pear: DNE
xenial_php-pear: ignored (end of standard support, was deferred)
esm-infra/xenial_php-pear: deferred (2022-03-08)
yakkety_php-pear: ignored (reached end-of-life)
zesty_php-pear: ignored (reached end-of-life)
artful_php-pear: ignored (reached end-of-life)
bionic_php-pear: deferred (2022-03-08)
cosmic_php-pear: ignored (reached end-of-life)
disco_php-pear: ignored (reached end-of-life)
eoan_php-pear: ignored (reached end-of-life)
focal_php-pear: deferred (2022-03-08)
groovy_php-pear: ignored (reached end-of-life)
hirsute_php-pear: ignored (reached end-of-life)
impish_php-pear: deferred (2022-03-08)
jammy_php-pear: deferred (2022-03-08)
devel_php-pear: deferred (2022-03-08)